[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Tue Aug 16 15:18:00 UTC 2016
The branch master has been updated
via 0f022f5a2201a591da7d373ebeeb7d29bdcaf95a (commit)
via 34d4d74575236245c7e133d121eb2302c18b21f1 (commit)
via 17ebf85abda18c3875b1ba6670fe7b393bc1f297 (commit)
from 1940aa6e6b51147df10a5bffcaaa2b9904209184 (commit)
- Log -----------------------------------------------------------------
commit 0f022f5a2201a591da7d373ebeeb7d29bdcaf95a
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Aug 16 15:19:55 2016 +0100
Corrupt signature earlier.
If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 34d4d74575236245c7e133d121eb2302c18b21f1
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Aug 16 15:08:06 2016 +0100
make update
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 17ebf85abda18c3875b1ba6670fe7b393bc1f297
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Aug 16 14:06:48 2016 +0100
Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 16 +++++++++++++++-
apps/apps.h | 2 ++
apps/ca.c | 2 +-
apps/cms.c | 4 ++--
apps/crl.c | 16 ++++++++--------
apps/ocsp.c | 4 ++--
apps/x509.c | 15 +++++++--------
crypto/asn1/asn1_lib.c | 7 +++++++
crypto/asn1/evp_asn1.c | 6 +++---
crypto/asn1/p5_pbe.c | 11 ++++++++---
crypto/asn1/p8_pkey.c | 2 +-
crypto/ct/ct_prn.c | 2 +-
crypto/dh/dh_ameth.c | 6 +++---
crypto/ec/ec_ameth.c | 2 +-
crypto/ec/ec_asn1.c | 4 ++--
crypto/ec/ecx_meth.c | 2 +-
crypto/pkcs12/p12_mutl.c | 2 +-
crypto/ts/ts_lib.c | 2 +-
crypto/ts/ts_rsp_verify.c | 4 ++--
crypto/ts/ts_verify_ctx.c | 2 +-
crypto/x509/t_x509.c | 5 +++--
crypto/x509v3/v3_lib.c | 2 +-
crypto/x509v3/v3_prn.c | 2 +-
doc/crypto/ASN1_STRING_length.pod | 11 ++++++++---
include/openssl/asn1.h | 3 ++-
util/libcrypto.num | 3 ++-
26 files changed, 86 insertions(+), 51 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 746f565..17a9fdc 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1938,7 +1938,7 @@ static const char *get_dp_url(DIST_POINT *dp)
gen = sk_GENERAL_NAME_value(gens, i);
uri = GENERAL_NAME_get0_value(gen, >ype);
if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
- char *uptr = (char *)ASN1_STRING_data(uri);
+ const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
if (strncmp(uptr, "http://", 7) == 0)
return uptr;
}
@@ -2581,3 +2581,17 @@ int has_stdin_waiting(void)
return _kbhit();
}
#endif
+
+/* Corrupt a signature by modifying final byte */
+int corrupt_signature(ASN1_STRING *signature)
+{
+ unsigned char *s;
+ size_t slen = ASN1_STRING_length(signature);
+
+ s = OPENSSL_memdup(ASN1_STRING_get0_data(signature), slen);
+ if (s == NULL)
+ return 0;
+ s[slen - 1] ^= 0x1;
+ ASN1_STRING_set0(signature, s, slen);
+ return 1;
+}
diff --git a/apps/apps.h b/apps/apps.h
index 33a2f68..8fb6f44 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -71,6 +71,8 @@ void wait_for_async(SSL *s);
int has_stdin_waiting(void);
# endif
+int corrupt_signature(ASN1_STRING *signature);
+
/*
* Common verification options.
*/
diff --git a/apps/ca.c b/apps/ca.c
index 331c136..4b4b37d 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -988,7 +988,7 @@ end_of_options:
x = sk_X509_value(cert_sk, i);
j = ASN1_STRING_length(serialNumber);
- p = (const char *)ASN1_STRING_data(serialNumber);
+ p = (const char *)ASN1_STRING_get0_data(serialNumber);
if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
BIO_printf(bio_err, "certificate file name too long\n");
diff --git a/apps/cms.c b/apps/cms.c
index 5899760..b5ae970 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1177,13 +1177,13 @@ static void receipt_request_print(CMS_ContentInfo *cms)
BIO_puts(bio_err, " Receipt Request Parse Error\n");
ERR_print_errors(bio_err);
} else {
- char *id;
+ const char *id;
int idlen;
CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
&rlist, &rto);
BIO_puts(bio_err, " Signed Content ID:\n");
idlen = ASN1_STRING_length(scid);
- id = (char *)ASN1_STRING_data(scid);
+ id = (const char *)ASN1_STRING_get0_data(scid);
BIO_dump_indent(bio_err, id, idlen, 4);
BIO_puts(bio_err, " Receipts From");
if (rlist) {
diff --git a/apps/crl.c b/apps/crl.c
index 3e30bdc..0140ff7 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -249,6 +249,14 @@ int crl_main(int argc, char **argv)
}
}
+ if (badsig) {
+ ASN1_BIT_STRING *sig;
+
+ X509_CRL_get0_signature(&sig, NULL, x);
+ if (!corrupt_signature(sig))
+ goto end;
+ }
+
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
@@ -319,14 +327,6 @@ int crl_main(int argc, char **argv)
goto end;
}
- if (badsig) {
- ASN1_BIT_STRING *sig;
- unsigned char *psig;
- X509_CRL_get0_signature(&sig, NULL, x);
- psig = ASN1_STRING_data(sig);
- psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
- }
-
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
else
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 1cb11b2..1766878 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -951,8 +951,8 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
if (badsig) {
ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
- unsigned char *sigptr = ASN1_STRING_data(sig);
- sigptr[ASN1_STRING_length(sig) - 1] ^= 0x1;
+ if (!corrupt_signature(sig))
+ goto end;
}
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
diff --git a/apps/x509.c b/apps/x509.c
index ed49c4e..23265b2 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -603,6 +603,13 @@ int x509_main(int argc, char **argv)
objtmp = NULL;
}
+ if (badsig) {
+ ASN1_BIT_STRING *signature;
+ X509_get0_signature(&signature, NULL, x);
+ if (!corrupt_signature(signature))
+ goto end;
+ }
+
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
@@ -847,14 +854,6 @@ int x509_main(int argc, char **argv)
goto end;
}
- if (badsig) {
- ASN1_BIT_STRING *signature;
- unsigned char *s;
- X509_get0_signature(&signature, NULL, x);
- s = ASN1_STRING_data(signature);
- s[ASN1_STRING_length(signature) - 1] ^= 0x1;
- }
-
if (outformat == FORMAT_ASN1)
i = i2d_X509_bio(out, x);
else if (outformat == FORMAT_PEM) {
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 1b52107..f2f07ac 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -363,7 +363,14 @@ int ASN1_STRING_type(const ASN1_STRING *x)
return x->type;
}
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+ return x->data;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
unsigned char *ASN1_STRING_data(ASN1_STRING *x)
{
return x->data;
}
+#endif
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index ad3a5bc..a458367 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -30,13 +30,13 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
{
int ret, num;
- unsigned char *p;
+ const unsigned char *p;
if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
return (-1);
}
- p = ASN1_STRING_data(a->value.octet_string);
+ p = ASN1_STRING_get0_data(a->value.octet_string);
ret = ASN1_STRING_length(a->value.octet_string);
if (ret < max_len)
num = ret;
@@ -105,7 +105,7 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
n = max_len;
if (data != NULL)
- memcpy(data, ASN1_STRING_data(atmp->oct), n);
+ memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
if (ret == -1) {
err:
ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index 92da23e..ab7e168 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -29,7 +29,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
{
PBEPARAM *pbe = NULL;
ASN1_STRING *pbe_str = NULL;
- unsigned char *sstr;
+ unsigned char *sstr = NULL;
pbe = PBEPARAM_new();
if (pbe == NULL) {
@@ -44,16 +44,20 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
}
if (!saltlen)
saltlen = PKCS5_SALT_LEN;
- if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
+
+ sstr = OPENSSL_malloc(saltlen);
+ if (sstr == NULL) {
ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
goto err;
}
- sstr = ASN1_STRING_data(pbe->salt);
if (salt)
memcpy(sstr, salt, saltlen);
else if (RAND_bytes(sstr, saltlen) <= 0)
goto err;
+ ASN1_STRING_set0(pbe->salt, sstr, saltlen);
+ sstr = NULL;
+
if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
goto err;
@@ -66,6 +70,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
return 1;
err:
+ OPENSSL_free(sstr);
PBEPARAM_free(pbe);
ASN1_STRING_free(pbe_str);
return 0;
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
index ebee6b5..c08aa85 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -57,7 +57,7 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
if (ppkalg)
*ppkalg = p8->pkeyalg->algorithm;
if (pk) {
- *pk = ASN1_STRING_data(p8->pkey);
+ *pk = ASN1_STRING_get0_data(p8->pkey);
*ppklen = ASN1_STRING_length(p8->pkey);
}
if (pa)
diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
index 2786746..376e045 100644
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -41,7 +41,7 @@ static void timestamp_print(uint64_t timestamp, BIO *out)
* characters long with a final Z. Update it with fractional seconds.
*/
BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
- ASN1_STRING_data(gen), (unsigned int)(timestamp % 1000));
+ ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
ASN1_GENERALIZEDTIME_print(out, gen);
ASN1_GENERALIZEDTIME_free(gen);
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 78aea36..2e67eeb 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -600,7 +600,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
dhpeer = DHparams_dup(pk->pkey.dh);
/* We have parameters now set public key */
plen = ASN1_STRING_length(pubkey);
- p = ASN1_STRING_data(pubkey);
+ p = ASN1_STRING_get0_data(pubkey);
if (!p || !plen)
goto err;
@@ -690,7 +690,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
if (ukm) {
dukmlen = ASN1_STRING_length(ukm);
- dukm = OPENSSL_memdup(ASN1_STRING_data(ukm), dukmlen);
+ dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
if (!dukm)
goto err;
}
@@ -834,7 +834,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
if (ukm) {
dukmlen = ASN1_STRING_length(ukm);
- dukm = OPENSSL_memdup(ASN1_STRING_data(ukm), dukmlen);
+ dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
if (!dukm)
goto err;
}
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index f6a3f5c..44dfbb4 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -593,7 +593,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
}
/* We have parameters now set public key */
plen = ASN1_STRING_length(pubkey);
- p = ASN1_STRING_data(pubkey);
+ p = ASN1_STRING_get0_data(pubkey);
if (!p || !plen)
goto err;
if (!o2i_ECPublicKey(&ecpeer, &p, plen))
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 8714a4b..e10deff 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -948,7 +948,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
if (priv_key->privateKey) {
ASN1_OCTET_STRING *pkey = priv_key->privateKey;
- if (EC_KEY_oct2priv(ret, ASN1_STRING_data(pkey),
+ if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey),
ASN1_STRING_length(pkey)) == 0)
goto err;
} else {
@@ -967,7 +967,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
const unsigned char *pub_oct;
int pub_oct_len;
- pub_oct = ASN1_STRING_data(priv_key->publicKey);
+ pub_oct = ASN1_STRING_get0_data(priv_key->publicKey);
pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) {
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 354d387..f717951 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -151,7 +151,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
p = NULL;
plen = 0;
} else {
- p = ASN1_STRING_data(oct);
+ p = ASN1_STRING_get0_data(oct);
plen = ASN1_STRING_length(oct);
}
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 9bd672a..9c0c4df 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -143,7 +143,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
}
X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
- || CRYPTO_memcmp(mac, ASN1_STRING_data(macoct), maclen))
+ || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen))
return 0;
return 1;
}
diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
index e18f1f3..99c0580 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -85,7 +85,7 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
BIO_printf(bio, "Message data:\n");
msg = a->hashed_msg;
- BIO_dump_indent(bio, (const char *)ASN1_STRING_data(msg),
+ BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg),
ASN1_STRING_length(msg), 4);
return 1;
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 99f664b..2755dd0 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -472,7 +472,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
length = ASN1_STRING_length(current);
if (i > 0)
*p++ = '/';
- strncpy(p, (const char *)ASN1_STRING_data(current), length);
+ strncpy(p, (const char *)ASN1_STRING_get0_data(current), length);
p += length;
}
*p = '\0';
@@ -568,7 +568,7 @@ static int ts_check_imprints(X509_ALGOR *algor_a,
}
ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
- memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
+ memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
err:
if (!ret)
TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 141385d..d4792ee 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -128,7 +128,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
ret->imprint_len = ASN1_STRING_length(msg);
if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
goto err;
- memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
+ memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
if ((nonce = req->nonce) != NULL) {
if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL)
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 5fbe767..c96ada8 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -248,8 +248,9 @@ int X509_ocspid_print(BIO *bp, X509 *x)
if (keybstr == NULL)
goto err;
- if (!EVP_Digest(ASN1_STRING_data(keybstr), ASN1_STRING_length(keybstr),
- SHA1md, NULL, EVP_sha1(), NULL))
+ if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
+ ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
+ NULL))
goto err;
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 25d019e..a3ca720 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -203,7 +203,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
if ((method = X509V3_EXT_get(ext)) == NULL)
return NULL;
extvalue = X509_EXTENSION_get_data(ext);
- p = ASN1_STRING_data(extvalue);
+ p = ASN1_STRING_get0_data(extvalue);
extlen = ASN1_STRING_length(extvalue);
if (method->it)
return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 3048b67..4b1d0c3 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -79,7 +79,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
int ok = 1;
extoct = X509_EXTENSION_get_data(ext);
- p = ASN1_STRING_data(extoct);
+ p = ASN1_STRING_get0_data(extoct);
extlen = ASN1_STRING_length(extoct);
if ((method = X509V3_EXT_get(ext)) == NULL)
diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod
index a57de1c..26cb176 100644
--- a/doc/crypto/ASN1_STRING_length.pod
+++ b/doc/crypto/ASN1_STRING_length.pod
@@ -3,14 +3,15 @@
=head1 NAME
ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
-ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 -
-ASN1_STRING utility functions
+ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data,
+ASN1_STRING_to_UTF8 - ASN1_STRING utility functions
=head1 SYNOPSIS
#include <openssl/asn1.h>
int ASN1_STRING_length(ASN1_STRING *x);
+ const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
unsigned char * ASN1_STRING_data(ASN1_STRING *x);
ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
@@ -29,10 +30,14 @@ These functions allow an B<ASN1_STRING> structure to be manipulated.
ASN1_STRING_length() returns the length of the content of B<x>.
-ASN1_STRING_data() returns an internal pointer to the data of B<x>.
+ASN1_STRING_get0_data() returns an internal pointer to the data of B<x>.
Since this is an internal pointer it should B<not> be freed or
modified in any way.
+ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the
+returned value is not constant. This function is deprecated:
+applications should use ASN1_STRING_get0_data() instead.
+
ASN1_STRING_dup() returns a copy of the structure B<a>.
ASN1_STRING_cmp() compares B<a> and B<b> returning 0 if the two
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index fcf6de9..40526fb 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -550,7 +550,8 @@ void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(const ASN1_STRING *x);
void ASN1_STRING_length_set(ASN1_STRING *x, int n);
int ASN1_STRING_type(const ASN1_STRING *x);
-unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 6064c98..7fb02f7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -527,7 +527,7 @@ BN_set_negative 527 1_1_0 EXIST::FUNCTION:
i2d_TS_RESP_bio 528 1_1_0 EXIST::FUNCTION:TS
ASYNC_WAIT_CTX_set_wait_fd 529 1_1_0 EXIST::FUNCTION:
ERR_func_error_string 530 1_1_0 EXIST::FUNCTION:
-ASN1_STRING_data 531 1_1_0 EXIST::FUNCTION:
+ASN1_STRING_data 531 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
X509_CRL_add1_ext_i2d 532 1_1_0 EXIST::FUNCTION:
i2d_TS_TST_INFO 533 1_1_0 EXIST::FUNCTION:TS
OBJ_sigid_free 534 1_1_0 EXIST::FUNCTION:
@@ -4190,3 +4190,4 @@ X509_get_proxy_pathlen 4136 1_1_0 EXIST::FUNCTION:
DSA_bits 4137 1_1_0 EXIST::FUNCTION:DSA
EVP_PKEY_set1_tls_encodedpoint 4138 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get1_tls_encodedpoint 4139 1_1_0 EXIST::FUNCTION:
+ASN1_STRING_get0_data 4140 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list